CLAIMS 



Listing of claims. 
1-10. (Cancelled) 

1 1 . (Previously Presented) A method for ensuring that a processor will execute only authorized 
boot code, said method comprising: 

reading a certificate including a first public key into a protected memory; 

validating said certificate with a second public key permanently stored on said processor; 

reading a signed authorized boot code into said protected memory, wherein said protected 
memory is cryptographically protected; 

verifying a digital signature used to sign said signed authorized boot code in accordance 
with said first public key; 

executing, by the processor, said signed authorized boot code having a verified digital 
signature by branching to a copy of said signed authorized boot code in said protected memory, 
said signed authorized boot code including instructions for performing a boot process for a 
computer device comprising the processor, wherein said digital signature of said signed 
authorized boot code is previously verified and executing further comprises performing inline 
decryption of the copy of said signed authorized boot code in said protected memory. 

12. (Cancelled) 

13. (Previously Presented) A method as recited in claim 1 1 wherein the integrity of the contents 
of said protected memory is protected by encryption using a cryptographic key stored on said 

2 



processor. 



14. (Original) A method as recited in claim 1 1 wherein said protected memory is physically 
protected. 

15. (Cancelled) 

16. (Previously Presented) A method as recited in claim 1 1 wherein the integrity of said 
authorized boot code is protected at run time. 

17. (Previously Presented) A method as recited in claim 16 wherein the integrity of said 
authorized boot code is protected with symmetric key encryption. 

18. (Previously Presented) A method as recited in claim 1 1 wherein the privacy of said 
authorized boot code is protected at run time. 

19. (Previously Presented) A method as recited in claim 18 wherein the privacy of said 
authorized boot code is protected at run time with symmetric key encryption. 

20-21. (Cancelled) 

22. (Previously Presented) A program storage device readable by machine, tangibly embodying a 
program of instructions executable by the machine to perform program steps for ensuring that a 
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processor will execute only authorized code, the program steps comprising: 
reading a certificate including a first public key into a protected memory; 

validating said certificate with a second public key permanently stored on said processor; 

reading a signed authorized boot code into said protected memory, wherein said protected 
memory is cryptographically protected; 

verifying a digital signature used to sign said signed authorized boot code in accordance 
with said first public key; 

executing said signed authorized boot code having a verified digital signature by 
branching to a copy of said signed authorized boot code in said protected memory, said signed 
authorized boot code including instructions for performing a boot process for a computer device 
comprising the processor, wherein said digital signature of said signed authorized boot code is 
previously verified and executing further comprises performing inline decryption of the copy of 
said signed authorized boot code in said protected memory. 

23. (Previously Presented) A computing device for securely executing authorized code, said 
computing device comprising: 

a protected memory for storing signed authorized code, which contains an original digital 
signature, wherein said protected memory is cryptographically protected; and 

a processor comprising inline cryptography and integrity hardware for executing boot 
code in signal communication with said protected memory executing said signed authorized code 
from the protected memory for booting the computing device after verifying that a digital 
signature contained in said signed authorized code is original in accordance with a first public 
key stored in said protected memory, said first public key validated by a second public key 
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permanently stored on said processor, and branching to a copy of said authorized code in said 
protected memory to begin the execution. 

24. (Previously Presented) A computing device as recited in claim 23 wherein the integrity of the 
contents of said protected memory is protected by encryption. 

25. (Previously Presented) A computing device as recited in claim 23 wherein said protected 
memory is physically protected. 

26. (Previously Presented) A computing device as recited in claim 23 wherein at least one of the 
integrity of said authorized code and the privacy of said authorized code is protected at run time. 

27. (Previously Presented) A computing device as recited in claim 23 wherein the integrity of 
said signed authorized code is protected at run time with symmetric key encryption. 

28. (Previously Presented) A computing device as recited in claim 23, wherein the privacy of 
said signed authorized code is protected at run time with symmetric key encryption. 



5 



